Hey there! This is not a comprehensive guide to using Kali Linux. The good folks who developed it have put together a great manual in the form of a free ebook (link below) as well as an online training course, also free! I wanted to give a brief overview of Kali Linux below, and help you decide if it’s right for you to dive deeper into.
If you don’t want to go too much into the details, here is a quick bullet point list:
- Intended as a security auditing tool, not as a general day to day use OS
- Not for those who are new to Linux-based systems, best used by infosec professionals and those who have prior sysadmin experience with Linux systems
- Comes with and supports several security packages & repositories, but will require quite a bit of work to run even some fairly standard ones such as Node.js
- Basically, if you’re looking for something to run day to day or are just looking to learn more about Linux distros in general, Kali Linux is not the best choice for your needs.
If you do happen to be looking for more general training on getting started with Linux then I recommend starting here.
What is Kali Linux?
If you didn’t know already, Kali Linux is a security auditing tool that you can use to find vulnerabilities in your machines and networks. Please note that the operative word here is ‘your’. The creators of Kali did not build it so that you could hack into your enemies’ stuff. It is a tool for good, and it is up to you to use it appropriately. Although the developers make images freely available to download, the actual development is not community based for security reasons. So it’s completely safe to use; you don’t need to worry about somebody (ironically) sticking a backdoor into a tool that is designed to find those. That would be the perfect cover though, wouldn’t it? They do however make their development tree freely available, so if you want to customize a package for your specific situation you are welcome to do so.
Some of the nice features that the developers have included are extensive wireless device support, FileSystem Hierarchy Standard compliance, multi-language support, and customization options all the way down to the kernel (wow!).
This Guide is for Beginners, But…
So, here is the thing. If you are a total beginner at Linux in general, I don’t suggest using Kali Linux. It can really mess up your machine and be a massive headache if you don’t already have a pretty good grasp on being a sysadmin. You will also have a hard time using a lot of packages and repositories that are pretty commonplace, such as NodeJS. If your goal is to learn how to use a Linux environment or a good desktop installation, there are a ton of better options for you. I’d try Linux Mint or Arch Linux, both of which I will have tutorials on soon. I wrote this one first because…well, I just felt like it.
Kali Linux was designed for security professionals who already have a strong understanding of Linux distros and administering Linux systems, or as a learning tool for the more experienced user. If that does describe you, then carry on reading.
Getting Kali Linux
Depending on what you want to run Kali Linux on, there are a few options for downloading an image. They also have options for a ‘live’ image that requires network access (which is perfect for running from a USB) and one that does not and can install completely on its own. The latter is the version that the developers suggest that most users download. They also have special builds available to run on VMware and ARM-based devices. All of these different images can be found on the Kali Linux official website Downloads page or the Offensive Security page for Kali Linux. Be absolutely sure you are only getting images from these two sources, and it’s a good idea to verify the SHA256 checksum manually as well. If you are unsure of how to do this, they provide detailed instructions on the Kali.org website.
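Here is what that manual check boils down to, as an added example (not taken from the Kali documentation). The function name, return codes and demo file names are made up for illustration, and it assumes a checksum list in the usual `sha256sum` format sitting next to the downloaded image.

```shell
#!/usr/bin/env bash
# Added example. A digest only proves the image matches the list, so
# authenticate the list itself first, e.g. (after importing the publisher's key):
#   gpg --verify SHA256SUMS.gpg SHA256SUMS

# verify_image SUMS_FILE IMAGE   (hypothetical helper)
#   returns 0 = digest matches, 1 = mismatch, 2 = not listed or unreadable
verify_image() {
    sums_file=$1
    image=$2
    name=$(basename "$image")
    [ -r "$sums_file" ] && [ -r "$image" ] || return 2

    # Lines look like "<64 hex chars>  <filename>"; binary mode writes
    # " *<filename>". Assumes image file names contain no spaces.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n && length($1) == 64 { print tolower($1); exit }' "$sums_file")
    [ -n "$expected" ] || return 2

    actual=$(sha256sum "$image" | awk '{ print tolower($1) }')
    [ "$actual" = "$expected" ]
}

# Constructed demo: a fake "image" and checksum list in a temp directory.
demo() {
    dir=$(mktemp -d)
    printf 'constructed image bytes\n' > "$dir/demo-image.iso"
    (cd "$dir" && sha256sum demo-image.iso > SHA256SUMS)
    verify_image "$dir/SHA256SUMS" "$dir/demo-image.iso"
    echo "clean image:    $?"
    printf 'x' >> "$dir/demo-image.iso"   # simulate corruption or tampering
    verify_image "$dir/SHA256SUMS" "$dir/demo-image.iso"
    echo "modified image: $?"
    rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Treat anything other than a return code of 0 as a reason to delete the download and fetch it again from the official source.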
Default Credentials for Kali Linux
Please note that this has changed as of the release of Kali Linux 2020.1: the default user is no longer root/toor. Your default user is now a standard user account and the credentials will be kali/kali. Also note that if you are using the Vagrant image, then your default credentials are vagrant/vagrant as per the Vagrant policy. There are a few tools that come standard with any Kali Linux distro, such as BeEF-XSS, MySQL, OpenVAS, and Metasploit, and they have their own default credentials, which are covered on the Kali.org website.
Training for Kali Linux
I know, you came here because you wanted a quick and dirty guide to getting started with Kali Linux, but as you may have gathered from above, this is a fairly advanced Linux distro that isn’t really for novices. If you are an infosec professional then I would urge you to go direct to the source and get trained by the people who made it! There is a free ebook that you can download in PDF format (link below), as well as a free online course. I would start with reading through the book to get a good overview, and then you can jump into the online course, which will give you some hands-on practice as well as skills testing.
If you really enjoy working with Kali Linux and would like to do so officially on a professional level then you can take the KLCP exam and become a certified pentester for them. The exam is 80 questions and you will have 90 minutes to complete it.